Last Week on My Mac: App Store Eavesdroppers

Apple’s retail stores are among my favourite shops. After bookstores, which have been my obsession ever since I learned to read, they are the best: well designed, plenty of hardware to look at and play with, friendly but not pushy sales staff, and products which I can trust to work really well. They may not be the cheapest, but I can’t think of any lemon which I have bought there.

What greater contrast than with Apple’s App Store?

In most parts, it’s like a jumble sale, full of items of doubtful origin, but if you look hard enough there are some real gems. There’s no sort of quality control, it’s well nigh impossible to navigate, and frankly an embarrassment to a premium brand like Apple.

And over the last few days, it has become manifest that we can’t even trust the App Store’s products to respect our private data.

Reports from security experts Thomas Reed in Malwarebytes Labs, Patrick Wardle of Objective-See and @privacyis1st have revealed that not one but several App Store apps, including the best-selling Adware Doctor, access users’ private data against App Store rules and provisions in macOS, and have been sending exfiltrated private data to remote servers.

The apps which have so far been identified as behaving deceptively and against the interests of the user include:

Adware Doctor which breached App Store rules, deceptively exfiltrated private data including browser histories, and sent them to a remote server. Explicit and detailed complaints have been made to the App Store by several researchers since the middle of August, but the app has only just been taken down from the US store. Oddly, an app of this name is still available on the UK App Store as of 8 September 2018, although it purports to come from a different developer, and has a different app icon. Apple needs to clarify whether that is the same product, or is safe to use, as a matter of urgency.

Adware Medic, the predecessor of Adware Doctor, which was taken down after Thomas Reed complained to the App Store in 2015, only for the App Store to accept the near-identical Adware Doctor.

Open Any Files: RAR Support which exfiltrated similar private data for several months late last year and this year, has been reported to the App Store, but is still available on the Store as of 8 September 2018.

Dr. Antivirus which exfiltrates browser history and a detailed listing of all installed apps. Still available as of 8 September 2018.

Dr. Cleaner which also exfiltrates browser history without the app listing. This is still available as of 8 September 2018, and has even been recommended by MacWorld.

I am stunned that Apple, a company which rightly refuses to sell cheap adaptor cables in its stores because it considers that we should only use high quality approved accessories, is continuing to sell (or give away, in some cases) four products which security researchers have demonstrated break Apple’s own rules, and grossly abuse the user’s privacy. This after the Keynote at WWDC 2018 pronounced: “You know, one of the reasons that people choose Apple products is because of our commitment to security and privacy. And we believe that your private data should remain private, not because you’ve done something wrong or that you have something to hide but because there can be a lot of sensitive data on your devices, and we think you should be in control of who sees it.”

So long as it continues to get its 30% cut of sales, and count these apps in the multitude which the App Store offers to Mac users, Apple has been perfectly happy to supply us with spyware.

Can the App Store survive in its present form? Haven’t users finally lost faith in its bland assurance that its apps are screened and checked by Apple, and are ‘safe’ for us to use? When Apple has ignored the evidence of well-known security experts and failed to take action over these apps, how many others in the store might prove similarly malicious?

I think that Apple has two options which could restore its credibility and reputation.

The first would be to change the whole approach of the App Store to that of its physical stores, by offering only a select list of fully-tested apps of comparable quality to Apple’s own products. This would give buyers the confidence that, not only will these apps not turn out to be spyware, but they would be worth buying and using.

The alternative would be to recruit an independent board which oversaw the application of its screening procedures, and the investigation of complaints, giving it the transparency which should ensure that this never happens again.

If Apple does neither, then its App Store will act corrosively, and can only tarnish the whole of its brand.

Postscript

As of 0730 10 September 2018, Apple has finally removed the apps named above from its UK App Store, and apparently from its other App Stores too. However, there are still a lot of apps which need to be more thoroughly investigated as to their efficacy and legitimacy: search on adware for example to see a lot which make bold claims that would appear to be impossible under App Store rules.

Thomas Reed of Malwarebytes has also asked me to make the distinction between the old Adware Medic app mentioned above and his completely legitimate and effective app AdwareMedic. This raises another issue which the App Store needs to address as a matter of urgency: the abuse of names of other apps and counterfeiting.

The App Store remains a big problem for Apple, and until it addresses these problems will continue to tarnish the whole brand.

44 Comments

Iron rule: Price, speed, quality you can only pick two: Apple opted to pick POLITICS and now they can only pick ONE.

Alex Jones and other pointless “app bans” have distracted Apple to the point where their release speed and quality have suffered. Banning effective privacy tools like AdGuard Pro (where users could easily blacklist Chinese shysters) is just icing on the cake.

100% agree with what was pointed out in the article above. What’s happening with the App Store should be unacceptable within Apple’s ecosystem and of course, here Apple is responsible for its own service to take care about that crap-ware floating around its App Store.

On the other hand… Do you see, what kind of apps are we here talking about? You’re talking here basically about two particular kinds of apps, malware protection or removal and system optimizers and automated cleaners.

We can read it everywhere on the internet if we pay attention… Those kinds of apps are not recommended for macOS (or iOS) and they could be harmful to the system in many ways!!!

There is no automatic system optimization which you can really trust that it’s doing its job 100% the right way. If you want to optimize or clean your system, then do your research, find out exactly what you need, understand what you are doing and make it yourself. It might be time consuming, but you will find out there’s no ‘magic’ app necessary for that. And keep in mind, every file, every cache, every setting or whatever in the system is there for a reason, so sometimes when you ‘clean-up’ and delete something, actually you can make things worse and can make the system unstable, acting slower than before.

Regarding malware, spyware, in general privacy protection, I’m not saying Macs are immune to the threat and there’s no need to worry, but again, those ‘magic’ apps won’t save you!!! They even produce collisions with the Mac’s own system protection and generally they don’t bring any extra benefit. It’s you and your responsibility, how you act on the Internet, which makes your system safe or vulnerable.

Again, do your research, continuously, and know actual threats!!! Set up your safety rules of behavior online. And know the apps which you are using!!! If you want to test an app (where you have no experience from before or no relevant reference is available) always do it on a separate ‘testing’ system, take your time to evaluate that app’s behavior and always know beforehand what this app installs and how to get rid of that app in case you will need it later.

My apologies for taking your time Howard with this damn long text, I just felt I had to say this. I believe macOS and iOS are still pretty robust and safe systems, and the most risky part of the chain here is the ‘user’ – us.

Thank you, Manoli – no apologies needed. They’re important lessons which I have written about before, and no doubt will write about again.
Most of the things that these apps claim to be able to do are either not permitted in the Sandbox, or are banned in App Store rules. The moment that any app in the Store claims to zap or remove adware or malware, or clean your disk, you should be extremely suspicious that it can’t do that, even if that were necessarily something which was wise to try.
Apple should be protecting its customers much better: despite the several reports it has received on the apps named in the article, they’re still available on the UK App Store, which is utterly disgraceful.
Howard.

[…] Dr. Cleaner and others. This issue was reported before by a user on the Malwarebytes forum, and in another report. Other researchers followed up and found that apps distributed by “Trend Micro, Inc.” on the […]

As of this post, Open Any File: RAR Support is still available in my app store / USA east coast as are some other Trend Micro apps relating to wifi and network. I have no reason to think they are trustworthy based on this and postings by some other security sites.
